Optimizing cross-channel marketing for privacy and compliance, Part II: Data integration

Here’s another true premise borrowed from Seth Godin: “The internet was supposed to homogenize everyone by connecting us all. Instead what it’s allowed is silos of interest.” In Part I of this series I highlighted what regulatory and self-regulatory controls to be mindful of when acquiring subscribers through your various data acquisition efforts. In this installment I will cover how to best integrate data in the ‘age of context’[1] so as to addresses important questions about digital privacy.

Disclose tracking and data integration efforts and get consent where you can

It is a fact that personal information combined with geo-location, social activity, online behavioral and other contextual data create more fine-grained information about an individual. If a consumer can interact with you on Facebook, engage with your services through a mobile app, or react to your electronic messages and notifications, chances are you’re already breaking down silos to better understand and anticipate their needs. When integrating across communication channels you want to make sure that the mix of information at play is adequately discussed in your privacy policies.

One difficult topic that deserves discussion is the question of anonymity. It’s true that historically display ads have been targeted anonymously, but with first-party website, social integration and new cross-site tracking technologies the terms “anonymous” and “non-personal” may not always be accurate. A common example is when a pixel tag is used in an email message to drive a web click-through, serves a third-party tracking pixel with cookie and is then used for retargeting using the first-party data. When coupled with the users’ shopping cart or other content-specific segmentation, this email-pixel- cookie-tracked web behavior becomes muddled with personal, anonymous and non-personal information.

Ask tough questions like, “Who owns this data? Where should this data be stored? Who can share this data?” [2]

The first-party data silos of the past are being aerated by the proliferation of application programming interfaces (API’s) that help foster omni-channel, cross-platform interactions.

In addition to having a presence on social media websites, marketers are increasingly utilizing tools and services to identify and connect with their customers or qualified prospects across multiple social networks, websites and devices. A growing host of startup companies and others are providing integration and reporting services that enable marketers to know more about where their customers are on social media, and in some cases, where they are and what they are saying.

Social network data access terms vary widely, and are updated frequently, but they share some common principles. The basic premise is that API access is subject to a specified license and the marketer is not given explicit ‘ownership’ rights, even if the end user consents, since the API is primarily intended to benefit the social experience and not outside marketing. As an example, Facebook’s Platform Policy instructs developers that data may be used for a specifically requested service directed by the user, in the aggregate, to create lookalike models or otherwise gain insights on types of users. Most social networks also restrict access by minors, the use of certain sensitive demographic information, and advertising for eligibility (i.e.; FCRA purposes) and sweepstakes.

So, for any vendor or agency you work with or come into contact with to help you integrate display advertising, social, mobile, or other tracking, you will want to understand what their privacy components are so as to include in your privacy policy.

Allow users to opt-out of Online Behavioral Advertising (OBA) whenever possible

As more websites integrate with third-party advertising services, it is increasingly important for publishers, advertisers and service providers to participate in, or adhere to, the cross-industry Digital Advertising Alliance (DAA) Self-Regulatory Principles for Online Behavioral Advertising and Application of Self-Regulatory Principles to the Mobile Environment. Adhesion to the principles displays a commitment from the online and mobile advertising industry to increased transparency and choices for consumers with interest-based tracking and advertising.

The DAA is now mandating that some transparency for targeted advertising is included in privacy policies, but cross-site and cross-network opt-out functionality still has ways to go. For the time being and where available, consumers need to understand how to adjust their browser and smartphone settings, and use available third-party services[3] to limit tracking.

In September of 2013 California signed into law the first ever “Do not Track” (DNT) disclosure law, amending the state’s already trailblazing Online Privacy Protection Act. The industry is still fragmented over what DNT actually means and how it should be honored, let alone how it should be discussed with consumers. (We expect more developments on the DNT issue in the immediate future.)

When it comes to mobile, device tracking presents an entirely new privacy challenge. Unique and persistent device identifiers and MAC addresses are 100% accurate and are used for app install and in-app interaction tracking. Increasingly these IDs are being used for campaign performance measurement and addressable or behavioral advertising. Consumer education and controls for such tracking is still limited but tech giants like Apple and Google are starting to address the privacy gap by providing a way to opt-out or modify their unique mobile ID.

Putting it all together to strengthen, not break, your data integration efforts

There are currently so many opportunities to integrate social and display into existing marketing programs, and to make consumer engagement more personalized and relevant than ever. It certainly appears that social media integration, online behavioral advertising, and mobile device tracking are the new privacy frontiers.

Given the rapid online/mobile convergence, when developing your privacy policy be very aware of restrictive language which tells consumers that “you never” or “will not” collect or share certain information when in fact you do, or may in the future. If a change in practice turns out to be material, a change to the privacy policy would be necessary along with an enhanced notice to consumers with an opportunity to opt out of that use.
Here’s a recap of what you can do to ensure that your integration efforts keep up with privacy expectations and obligations.

1.       Disclose what data you integrate and why. Get consent where you can.

2.       Allow consumers to opt-out of OBA and mobile tracking. Vendors can help.

3.       Sign on to cross-industry self-regulation. We can help.

4.       Put Parts I and II together. Stay tuned for Part III.

[1] As defined by Robert Scoble and Shel Israel in “Age of Context: Mobile, Sensors, Data and the Future of Privacy”. For a more sci-fi take on the impact technology can have on privacy, see the collaborative work of Stephen Baxter and Arthur C. Clarke in “The Light of Other Days”.

[2] Author Shel Israel highlights these questions when discussing the five contextual forces reshaping business and technology today. See the full interview with the Silicon Valley Business Journal here.

[3] For information about vendor-based opt-out solutions, visit Evidon and TRUSTe.